API Reference Guide
All Onemoney APIs are completely RESTful. All responses are returned in JSON.
The financial data returned as part of responses to data requests are in encrypted XML format. The data is stored as one of the attributes in the JSON response structure.
Onemoney APIs can be used in one of two modes, Test and Live. Visit our developer portal to receive API keys to try out our APIs.
API Gateway URL
Onemoney API Gateway URL https://api-sandbox.onemoney.in/
Please include this before each API endpoint to make API calls
As an FIU
Digital signature generation and validation is currently switched off on our sandbox, for all API-based exchanges between the FIU and the AA. Enabling this involves the exchange of public key information. The same can be done in production-mode through the Central Registry hosted by Sahamati. If you are interested in more information on this, please write to [email protected]
When you access Onemoney APIs, you are authorized based on an FIU
Information User ID) and an API key issued to you by us,
using the developer portal.
The API key can be generated by you as part of the Settings > API Keys function.
The API key needs to be placed in the header of each API
request, as shown below:
Conversely, all APIs implemented by you, such as Post Consent Notification and Post /FI/Notification, that are called by Onemoney, also need to be authorized by you based on an API key issued by you to us.
While using our APIs in test mode, this API key too can be generated by the portal through Settings > API Keys function.
As an FIP
As a Consent Manager
In order to connect to Onemoney APIs to allow consumer registration and consent management activities you need to provide sessionId in header in some APIs and client ID and client secret in some APIs. You need to get the Client ID and Client Secret through the developer portal.
Header Parameters Details
(required only for server application calling the api)
(Required only if the API is being called from a front-end application, not server-side.)
Header elements for API calls from front-end applications
The organisationid (FIU ID), appidentifier and client_id (generated through the developer portal) needs to be placed in the header of each API request, as shown below:
Header elements for API calls from server-side
The organisationid (FIU ID), client_id and client_secret (generated through the developer portal) needs to be placed in the header of each API request, as shown below:
Header elements for API calls requiring sessionId
The sesionId needs to be placed in Header of API requests as shown below: